Command Execution Vulnerability on Gemtek WRTM-127ACN and WRTM-127x9 Devices

Command Execution Vulnerability on Gemtek WRTM-127ACN and WRTM-127x9 Devices

CVE-2020-24365 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)

Learn more about our Network Penetration Testing.